On Mon, 14 Jan 2002 measlat_private wrote:

> So far, so good. The request is for a PTR
> record: 0.xxx.xxx.xx.in-addr.arpa. No, that's not a typo, they are
> requesting reverse for the network address at .0.

Don't get too worried about the 0. part... recall that these are in reverse order, so the guy is asking for a name for x.y.z.0. Or maybe that's what you were worried about. It's not common but, depending on subnet mask, .0 addresses aren't always reserved.

> A packet capture shows
> absolutely nothing out of the ordinary, other than the freaky request, and
> the regularity of the requests, about one request every five seconds, round
> the clock.

So this begs the question... is this DNS server supposed to be serving in-addr.arpa records? I.e. is it reverse for some network address range? If so, is there a possibility that that network range is a smurf amplifier?

Ryan
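The checks discussed in this message, as an added example that is not part of the original post: decode a PTR name back to the address it asks about, classify that address under a given prefix length, and flag PTR names queried at a near-constant interval. The function names, thresholds, log tuple layout and documentation-range addresses are all assumptions constructed for illustration.

```python
import ipaddress
from statistics import mean, pstdev

def ptr_to_ip(qname):
    """Turn 'd.c.b.a.in-addr.arpa.' back into the IPv4 address a.b.c.d."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[-2:] != ["in-addr", "arpa"]:
        raise ValueError("not a full IPv4 PTR name: %r" % qname)
    return ipaddress.IPv4Address(".".join(reversed(labels[:4])))

def role_in_subnet(ip, prefix_len):
    """Return 'network', 'broadcast' or 'host' for ip under the given prefix length."""
    if prefix_len >= 31:          # /31 and /32 have no network/broadcast address
        return "host"
    net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
    if ip == net.network_address:
        return "network"
    if ip == net.broadcast_address:
        return "broadcast"
    return "host"

def periodic_ptr_queries(log, min_hits=5, max_jitter=0.5):
    """Map (client, qname) -> mean gap in seconds for PTR names asked at a steady rate."""
    seen = {}
    for ts, client, qtype, qname in log:
        if qtype == "PTR":
            seen.setdefault((client, qname.lower()), []).append(ts)
    flagged = {}
    for key, stamps in seen.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        # Need enough repeats, and gaps that barely vary, to call it periodic.
        if len(stamps) >= max(min_hits, 2) and pstdev(gaps) <= max_jitter:
            flagged[key] = mean(gaps)
    return flagged

# Constructed sample log: (seconds, client, qtype, qname), documentation ranges only.
SAMPLE_LOG = [(t, "198.51.100.7", "PTR", "0.113.0.203.in-addr.arpa.")
              for t in (0.0, 5.1, 10.0, 14.9, 20.0, 25.0)]
SAMPLE_LOG += [(3.0, "198.51.100.9", "PTR", "10.113.0.203.in-addr.arpa."),
               (40.0, "198.51.100.9", "A", "www.example.com.")]

if __name__ == "__main__":
    for (client, qname), gap in periodic_ptr_queries(SAMPLE_LOG).items():
        ip = ptr_to_ip(qname)
        print(client, qname, "->", ip, "every %.1fs" % gap,
              "| /24:", role_in_subnet(ip, 24), "| /23:", role_in_subnet(ip, 23))
```

With the sample data, the .0 address is the network address under a /24 but an ordinary host address under a /23, which is the subnet-mask dependence the reply points out.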